[Spice-devel] [PATCH] validate tcp port values
Peter Hatina
phatina at redhat.com
Wed Jul 11 04:50:04 PDT 2012
Hi,
On 07/11/2012 01:41 PM, Christophe Fergeau wrote:
> On Wed, Jul 11, 2012 at 01:03:28PM +0200, Peter Hatina wrote:
>> Hi,
>>
>> I had a request to validate TCP port values in spice-xpi, so does
>> this make sense for you?
>
> This sounds like a good thing to do, though spice-xpi is just a
> gateway here between ovirt/rhev and remote-viewer, so the
> validation is more important there.
Agreed that spice-xpi is a kind of proxy/gateway. But if there is an
invalid value passed, we should not blindly launch remote-viewer,
should we?
>
>> + // helper function for tcp/udp range conversion and
>> validation + static int portToInt(const std::string &port) +
>> { + errno = 0; + char *end; + const long int
>> min = 0; + const long int max = 65535; + long int
>> conv = strtol(port.c_str(), &end, 10); + return (errno ||
>> *end != '\0' || end == port.c_str() || conv < min || conv > max)
>> + ? -1 : static_cast<int>(conv); + } }
>>
>> #ifdef NPAPI_USE_CONSTCHARS @@ -581,6 +593,15 @@ void
>> nsPluginInstance::SendStr(uint32_t id, std::string str)
>>
>> void nsPluginInstance::Connect() { + const int port =
>> portToInt(m_port); + const int sport =
>> portToInt(m_secure_port); + if (port <= 0) +
>> g_warning("invalid port: '%s'", m_port.c_str()); + if (sport
>> <= 0) + g_warning("invalid secure port: '%s'",
>> m_secure_port.c_str()); + if (port <= 0 && sport <= 0) +
>> return;
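Review bot: in portToInt, `const long int min = 0` makes the helper accept "0" and return 0, while Connect() treats `port <= 0` as invalid, so the range rule is split between the helper and its caller. Setting min to 1 keeps the whole check in one place and lets callers test for -1 only. strtol also skips leading whitespace and accepts a leading sign, so a string such as " +80" converts cleanly; if only plain digits should pass, reject input whose first character is not a digit before converting. A comment line stating that -1 means invalid would document the contract.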
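Review bot: in Connect(), the early return at `if (port <= 0 && sport <= 0)` fires only when both values fail, so a malformed m_port still proceeds whenever m_secure_port parses (and the reverse). The visible lines use port and sport only for these checks, so if the original strings are what gets passed on later, the malformed one goes through with just a warning. portToInt also returns -1 for an empty string, which means a port that was simply not set is logged as invalid. Consider treating an empty string as "not set" and returning when any non-empty value fails to parse, while still requiring at least one valid port.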
>
> should we return when only one port is invalid?
I think we should return only when both of the ports are invalid.
>
>
> Christophe
>
--
Peter Hatina
EMEA ENG-Desktop Development
Red Hat Czech, Brno